Hi Everyone,

I am always under the impression that one can NOT ping the outside interface of a Cisco PIX firewall unless these commands are used:

conduit permit icmp any any
conduit permit ip any any

Well, I have a Cisco PIX Firewall 515-UR model (96MB RAM/16MB Flash). This PIX firewall is running code version 6.0(1) with pdm version 1.11. Guess what, I can ping the outside interface just fine without the two commands mentioned above. Am I missing something? Below is the config:

pixfirewall# wr t
Building configuration...
: Saved
:
PIX Version 6.0(1)
nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif ethernet2 intf2 security10
enable password 8Ry2YjIyt7RRXU24 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
hostname pixfirewall
fixup protocol ftp 21
fixup protocol http 80
fixup protocol h323 1720
fixup protocol rsh 514
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol sip 5060
fixup protocol skinny 2000
names
pager lines 24
interface ethernet0 auto
interface ethernet1 auto
interface ethernet2 auto shutdown
mtu outside 1500
mtu inside 1500
mtu intf2 1500
ip address outside 172.16.1.73 255.255.255.0
ip address inside 192.168.1.73 255.255.255.0
ip address intf2 127.0.0.1 255.255.255.255
ip audit info action alarm
ip audit attack action alarm
no failover
failover timeout 0:00:00
failover poll 15
failover ip address outside 0.0.0.0
failover ip address inside 0.0.0.0
failover ip address intf2 0.0.0.0
pdm history enable
arp timeout 14400
static (inside,outside) 172.16.1.71 192.168.1.71 netmask 255.255.255.255 0 0
route outside 0.0.0.0 0.0.0.0 172.16.1.254 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h323 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
no sysopt route dnat
telnet timeout 5
ssh timeout 5
terminal width 80
: end

pixfirewall(config)# sh ver
Cisco Secure PIX Firewall Version 6.0(1)
PIX Device Manager Version 1.1(1)
Compiled on Thu 17-May-01 20:05 by morlee
pixfirewall up 12 hours 18 mins
Hardware: PIX-515, 96 MB RAM, CPU Pentium 200 MHz
Flash i28F640J5 @ 0x300, 16MB
BIOS Flash AT29C257 @ 0xfffd8000, 32KB
0: ethernet0: address is 0050.54ff.7a24, irq 10
1: ethernet1: address is 0050.54ff.7a25, irq 7
2: ethernet2: address is 00aa.00bc.ba87, irq 11
Licensed Features:
Failover: Enabled
VPN-DES: Enabled
VPN-3DES: Disabled
Maximum Interfaces: 6
Cut-through Proxy: Enabled
Guards: Enabled
Websense: Enabled
Throughput: Unlimited
ISAKMP peers: Unlimited

[alam@linux-ccie]$ ping 172.16.1.73
PING 172.16.1.73 (172.16.1.73) from 172.16.1.253 : 56(84) bytes of data.
Warning: time of day goes back, taking countermeasures.
64 bytes from 172.16.1.73: icmp_seq=0 ttl=255 time=962 usec
64 bytes from 172.16.1.73: icmp_seq=1 ttl=255 time=297 usec
64 bytes from 172.16.1.73: icmp_seq=2 ttl=255 time=288 usec
--- 172.16.1.73 ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max/mdev = 0.288/0.515/0.962/0.316 ms
[alam@linux-ccie]$

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=26617&t=26617

